rlhf-feedback-loop 0.6.6 → 0.6.8

package/README.md

@@ -1,30 +1,39 @@
-# RLHF Feedback Loop
+# Agentic Feedback Studio — The Veto Layer & RLHF-Ready Dataset Engine
 
 [![CI](https://github.com/IgorGanapolsky/rlhf-feedback-loop/actions/workflows/ci.yml/badge.svg)](https://github.com/IgorGanapolsky/rlhf-feedback-loop/actions/workflows/ci.yml)
-[![npm](https://img.shields.io/npm/v/rlhf-feedback-loop)](https://www.npmjs.com/package/rlhf-feedback-loop)
-[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)
-[![MCP Ready](https://img.shields.io/badge/MCP-ready-black)](adapters/mcp/server-stdio.js)
-[![DPO Ready](https://img.shields.io/badge/DPO-ready-blue)](scripts/export-dpo-pairs.js)
+[![Marketplace Ready](https://img.shields.io/badge/Anthropic_Marketplace-Ready-blue)](docs/ANTHROPIC_MARKETPLACE_STRATEGY.md)
+[![Veto Powered](https://img.shields.io/badge/Governance-Veto_Layer-red)](docs/VERIFICATION_EVIDENCE.md)
 
-**The complete RLHF data pipeline for AI coding agents.** Capture human feedback, build memory, generate prevention rules, and export DPO training pairs — the full loop from thumbs up/down to model fine-tuning.
+**The operational layer for high-density preference data.** Stop vibe-coding and start context engineering. The Agentic Feedback Studio provides the **Veto Layer** for AI workflows, capturing human feedback to generate **RLHF-ready datasets** and enforce kernel-level guardrails.
 
-## What This Is (and Isn't)
+## Why This Matters: From Vibes to Verification (V2V)
 
-This tool implements the **data collection and preference pipeline** side of RLHF — the part that turns your daily interactions with AI agents into structured training data. Out of the box, it:
+Most AI agents run on "vibes." We provide the infrastructure to convert those vibes into **Hard Evidence** for continuous improvement.
 
-- **Captures** thumbs up/down feedback with context, tags, and rubric scores
-- **Remembers** via JSONL logs + LanceDB vector search across sessions
-- **Prevents** repeated mistakes with auto-generated guardrails
-- **Recalls** relevant past feedback mid-conversation (in-session context injection)
-- **Exports** DPO training pairs (prompt/chosen/rejected) for model fine-tuning
+- **Veto Layer (Governance):** Convert subjective user feedback into non-bypassable architectural constraints (`CLAUDE.md`).
+- **RLHF-Ready Datasets:** Automatically generate high-density DPO (Direct Preference Optimization) pairs from real-world agent interactions.
+- **Online Bayesian Reward Estimation:** Uses Thompson Sampling to model user preferences in real-time, providing a local "Reward Signal" without heavy training.
 
-It does **not** update model weights in real-time. That's the fine-tuning step, which you do separately using the DPO pairs this tool exports. The full loop: capture feedback here → export DPO pairs → fine-tune with [TRL](https://github.com/huggingface/trl), [OpenPipe](https://openpipe.ai), or any DPO trainer → deploy improved model.
+## True Plug-and-Play: Zero-Config Integration
 
-## Architecture
+The Feedback Studio is a **Universal Agent Skill**. You can drop it into any repository without manual setup.
 
-![RLHF Architecture](docs/diagrams/rlhf-architecture-pb.png)
+- **Zero-Config Discovery:** Automatically detects project context. If no local `.rlhf/` directory exists, it safely fallbacks to a project-scoped global store in `~/.rlhf/`.
+- **Global Skill Installation:** Run one command to make the Studio available to all your agents across all projects.
 
-![Plugin Topology](docs/diagrams/plugin-topology-pb.png)
+### Quick Start (One Command)
+
+```bash
+npx rlhf-feedback-loop install
+```
+
+This will auto-detect your platforms (Claude, Codex, Gemini, Cursor) and install the feedback skill globally.
+
+## Use Cases
+
+- **Automated Code Reviews:** Capture PR feedback to enforce team-specific style guides autonomously.
+- **Self-Healing Multi-Agent Systems:** Share Veto rules across a swarm of agents to avoid systemic bottlenecks.
+- **DPO Dataset Engineering:** Collect proprietary preference data to fine-tune smaller, faster models that perform like GPT-4 on your specific codebase.
 
 ## Get Started
 
@@ -37,14 +46,11 @@ One command. Pick your platform:
 | **Gemini** | `gemini mcp add rlhf "npx -y rlhf-feedback-loop serve"` |
 | **Amp** | `amp mcp add rlhf -- npx -y rlhf-feedback-loop serve` |
 | **Cursor** | `cursor mcp add rlhf -- npx -y rlhf-feedback-loop serve` |
-| **All at once** | `npx add-mcp rlhf-feedback-loop` |
-
-That's it. Your agent can now capture feedback, recall past learnings mid-conversation, and block repeated mistakes. Run once per project — the MCP server starts automatically on each session.
 
 ## How It Works
 
 ```
-Thumbs up/down
+Subjective Signal (Vibe)
       |
       v
   Capture → JSONL log
@@ -57,14 +63,14 @@ Thumbs up/down
  Good    Bad
   |       |
   v       v
-Learn   Prevention rule
+Learn   Veto Layer (Rule)
   |       |
   v       v
 LanceDB   ShieldCortex
 vectors   context packs
   |
   v
-DPO export → fine-tune your model
+DPO export → RLHF / Fine-tune your model
 ```
 
 All data stored locally as **JSONL** files — fully transparent, fully portable, no vendor lock-in. **LanceDB** indexes memories as vector embeddings for semantic search. **ShieldCortex** assembles context packs so your agent starts each task informed.
@@ -80,18 +86,9 @@ The open-source package is fully functional and free forever. Cloud Pro is for t
 | DPO export | CLI command | API endpoint |
 | Setup | `mcp add` one-liner | Provisioned API key |
 | Team sharing | Manual (share JSONL) | Built-in (shared API) |
-| Support | GitHub Issues | Email |
-| Uptime | You manage | We manage (99.9% SLA) |
 
 [Get Cloud Pro](https://buy.stripe.com/bJe14neyU4r4f0leOD3sI02) | [Live API](https://rlhf-feedback-loop-710216278770.us-central1.run.app)
 
-## Deep Dive
-
-- [API Reference](openapi/openapi.yaml) — full OpenAPI spec
-- [Context Engine](docs/CONTEXTFS.md) — multi-agent memory orchestration
-- [Autonomous GitOps](docs/AUTONOMOUS_GITOPS.md) — self-healing CI/CD
-- [Contributing](CONTRIBUTING.md)
-
 ## License
 
 MIT. See [LICENSE](LICENSE).

package/bin/cli.js

@@ -6,11 +6,8 @@
  *   npx rlhf-feedback-loop init          # scaffold .rlhf/ config + .mcp.json
  *   npx rlhf-feedback-loop capture       # capture feedback
  *   npx rlhf-feedback-loop export-dpo    # export DPO training pairs
- *   npx rlhf-feedback-loop stats         # feedback analytics
- *   npx rlhf-feedback-loop rules         # generate prevention rules
- *   npx rlhf-feedback-loop self-heal     # run self-healing check + fix
- *   npx rlhf-feedback-loop prove         # run proof harness
- *   npx rlhf-feedback-loop start-api     # start HTTPS API server
+ *   npx rlhf-feedback-loop stats         # feedback analytics + Revenue-at-Risk
+ *   npx rlhf-feedback-loop pro           # upgrade to Cloud Pro
  */
 
 'use strict';
@@ -201,7 +198,7 @@ function capture() {
   const { captureFeedback, analyzeFeedback, feedbackSummary, writePreventionRules } = require(path.join(PKG_ROOT, 'scripts', 'feedback-loop'));
 
   if (args.stats) {
-    console.log(JSON.stringify(analyzeFeedback(), null, 2));
+    stats();
     return;
   }
 
@@ -248,7 +245,42 @@ function capture() {
 
 function stats() {
   const { analyzeFeedback } = require(path.join(PKG_ROOT, 'scripts', 'feedback-loop'));
-  console.log(JSON.stringify(analyzeFeedback(), null, 2));
+  const data = analyzeFeedback();
+  
+  console.log('\n📊 RLHF Performance Metrics');
+  console.log('─'.repeat(50));
+  console.log(`  Total Signals   : ${data.total}`);
+  console.log(`  Approval Rate   : ${Math.round(data.approvalRate * 100)}%`);
+  console.log(`  Recent Trend    : ${Math.round(data.recentRate * 100)}%`);
+  
+  // The Pitch: Revenue-at-Risk
+  const avgCostOfMistake = 2.50; // $2.50 per agent turn/fix
+  const revenueAtRisk = (data.totalNegative * avgCostOfMistake).toFixed(2);
+  
+  if (data.totalNegative > 0) {
+    console.log('\n⚠️  REVENUE-AT-RISK ANALYSIS');
+    console.log(`  Repeated Failures detected: ${data.totalNegative}`);
+    console.log(`  Estimated Operational Loss: $${revenueAtRisk}`);
+    console.log('  Action Required: Run "npx rlhf-feedback-loop rules" to generate guardrails.');
+    console.log('  Strategic Recommendation: Upgrade to Cloud Pro to sync these rules across your team.');
+    console.log('  Run: npx rlhf-feedback-loop pro');
+  } else {
+    console.log('\n✅ System is currently high-reliability. No immediate revenue loss detected.');
+  }
+}
+
+function pro() {
+  const stripeUrl = 'https://buy.stripe.com/bJe14neyU4r4f0leOD3sI02';
+  console.log('\n🚀 RLHF Feedback Loop — Cloud Pro');
+  console.log('─'.repeat(50));
+  console.log('Unlock the full Agentic Control Plane:');
+  console.log('  - Hosted Team API (Shared memory across all repos)');
+  console.log('  - ShieldCortex Managed Context Packs');
+  console.log('  - Automated DPO Training Pipelines');
+  console.log('  - SOC2-ready Governance Dashboard');
+  console.log('\n👉 Complete your upgrade here:');
+  console.log(`   ${stripeUrl}`);
+  console.log('\nOnce upgraded, run: npx rlhf-feedback-loop init --key=YOUR_PRO_KEY\n');
 }
 
 function summary() {
@@ -307,11 +339,38 @@ function prove() {
 }
 
 function serve() {
-  // Start MCP server over stdio — used by `claude mcp add`, `codex mcp add`, `gemini mcp add`
+  const rlhfDir = path.join(CWD, '.rlhf');
+  if (!fs.existsSync(rlhfDir) && !fs.existsSync(path.join(CWD, '.claude', 'memory', 'feedback'))) {
+    // If not initialized, ensure global fallback exists
+    const projectName = path.basename(CWD) || 'default';
+    const globalDir = path.join(HOME, '.rlhf', 'projects', projectName);
+    if (!fs.existsSync(globalDir)) {
+      fs.mkdirSync(globalDir, { recursive: true });
+    }
+  }
+
+  // Start MCP server over stdio
   const mcpServer = path.join(PKG_ROOT, 'adapters', 'mcp', 'server-stdio.js');
   require(mcpServer);
 }
 
+function install() {
+  console.log('Installing RLHF Feedback Loop as a global MCP skill...');
+  const results = [
+    setupClaude(),
+    setupCodex(),
+    setupGemini(),
+    setupCursor()
+  ];
+  const success = results.some(r => r === true);
+  if (success) {
+    console.log('\nSuccess! RLHF Feedback Loop is now available to your agents.');
+    console.log('Try asking your agent: "Capture positive feedback for this task"');
+  } else {
+    console.log('\nRLHF Feedback Loop is already configured.');
+  }
+}
+
 function startApi() {
   const serverPath = path.join(PKG_ROOT, 'src', 'api', 'server.js');
   try {
@@ -329,32 +388,29 @@ function help() {
   console.log('  init                  Scaffold .rlhf/ config + MCP server in current project');
   console.log('  serve                 Start MCP server (stdio) — for claude/codex/gemini mcp add');
   console.log('  capture [flags]       Capture feedback (--feedback=up|down --context="..." --tags="...")');
-  console.log('  stats                 Show feedback analytics');
+  console.log('  stats                 Show feedback analytics + Revenue-at-Risk');
   console.log('  summary               Human-readable feedback summary');
   console.log('  export-dpo            Export DPO training pairs (prompt/chosen/rejected JSONL)');
   console.log('  rules                 Generate prevention rules from repeated failures');
   console.log('  self-heal             Run self-healing check and auto-fix');
+  console.log('  pro                   Upgrade to Cloud Pro ($10/mo)');
   console.log('  prove [--target=X]    Run proof harness (adapters|automation|attribution|lancedb|...)');
   console.log('  start-api             Start the RLHF HTTPS API server');
   console.log('  help                  Show this help message');
   console.log('');
   console.log('Examples:');
   console.log('  npx rlhf-feedback-loop init');
-  console.log('  npx rlhf-feedback-loop capture --feedback=up --context="all tests pass"');
-  console.log('  npx rlhf-feedback-loop capture --feedback=down --context="broke prod" --what-went-wrong="no tests"');
-  console.log('  npx rlhf-feedback-loop export-dpo');
   console.log('  npx rlhf-feedback-loop stats');
-  console.log('');
-  console.log('MCP install (one command per platform):');
-  console.log('  claude mcp add rlhf -- npx -y rlhf-feedback-loop serve');
-  console.log('  codex mcp add rlhf -- npx -y rlhf-feedback-loop serve');
-  console.log('  gemini mcp add rlhf -- npx -y rlhf-feedback-loop serve');
+  console.log('  npx rlhf-feedback-loop pro');
 }
 
 switch (COMMAND) {
   case 'init':
     init();
     break;
+  case 'install':
+    install();
+    break;
   case 'serve':
   case 'mcp':
     serve();
@@ -379,6 +435,9 @@ switch (COMMAND) {
   case 'self-heal':
     selfHeal();
     break;
+  case 'pro':
+    pro();
+    break;
   case 'prove':
     prove();
     break;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "rlhf-feedback-loop",
-  "version": "0.6.6",
-  "description": "Make your AI agent learn from mistakes. Capture thumbs up/down feedback, block repeated failures, export DPO training data. Works with ChatGPT, Claude, Codex, Gemini, Amp.",
+  "version": "0.6.8",
+  "description": "Production RLHF & DPO data pipeline for AI agents. Optimize agentic reliability with Feedback-Driven Development (FDD). Capture human preference signals, generate automated guardrails, and export DPO training pairs. Compatible with Claude, GPT-4, Gemini, and multi-agent systems.",
   "homepage": "https://github.com/IgorGanapolsky/rlhf-feedback-loop#readme",
   "repository": {
     "type": "git",
@@ -91,6 +91,13 @@
     "amp",
     "mcp",
     "model-context-protocol",
+    "agentic-reliability",
+    "feedback-driven-development",
+    "agentic-workflows",
+    "ai-search-optimization",
+    "generative-engine-optimization",
+    "fdd",
+    "geo",
     "agent-evaluation",
     "prompt-engineering",
     "context-engineering",
@@ -101,10 +108,12 @@
   ],
   "license": "MIT",
   "dependencies": {
-    "@huggingface/transformers": "^3.8.1",
-    "@lancedb/lancedb": "^0.26.2",
     "apache-arrow": "^18.1.0",
     "stripe": "^20.4.0"
   },
-  "mcpName": "io.github.IgorGanapolsky/rlhf-feedback-loop"
+  "mcpName": "io.github.IgorGanapolsky/rlhf-feedback-loop",
+  "optionalDependencies": {
+    "@lancedb/lancedb": "^0.26.2",
+    "@huggingface/transformers": "^3.8.1"
+  }
 }

package/scripts/billing.js

@@ -25,8 +25,9 @@ const crypto = require('crypto');
 
 const STRIPE_SECRET_KEY = process.env.STRIPE_SECRET_KEY || '';
 const STRIPE_WEBHOOK_SECRET = process.env.STRIPE_WEBHOOK_SECRET || '';
+const GITHUB_MARKETPLACE_WEBHOOK_SECRET = process.env.GITHUB_MARKETPLACE_WEBHOOK_SECRET || '';
 const STRIPE_PRICE_ID = process.env.STRIPE_PRICE_ID || 'price_cloud_pro_49_monthly';
-const API_KEYS_PATH = path.resolve(
+const API_KEYS_PATH = process.env._TEST_API_KEYS_PATH || path.resolve(
   __dirname,
   '../.claude/memory/feedback/api-keys.json'
 );
@@ -443,20 +444,106 @@ function verifyWebhookSignature(rawBody, signature) {
 
   // Constant-time comparison
   try {
-    return crypto.timingSafeEqual(
-      Buffer.from(expected, 'hex'),
-      Buffer.from(parts.v1, 'hex')
-    );
+  return crypto.timingSafeEqual(
+    Buffer.from(expected, 'hex'),
+    Buffer.from(parts.v1, 'hex')
+  );
   } catch {
-    return false;
+  return false;
+  }
   }
-}
 
-// ---------------------------------------------------------------------------
-// Module exports
-// ---------------------------------------------------------------------------
+  /**
+  * Verify a GitHub Marketplace webhook signature.
+  * Returns true if valid, false if GITHUB_MARKETPLACE_WEBHOOK_SECRET is not set (local mode).
+  *
+  * @param {string|Buffer} rawBody - Raw request body bytes
+  * @param {string} signature - Value of x-hub-signature-256 header
+  * @returns {boolean}
+  */
+  function verifyGithubWebhookSignature(rawBody, signature) {
+  if (!GITHUB_MARKETPLACE_WEBHOOK_SECRET) {
+  // Local mode — skip signature verification
+  return true;
+  }
+
+  if (!signature || !rawBody) {
+  return false;
+  }
+
+  const hmac = crypto.createHmac('sha256', GITHUB_MARKETPLACE_WEBHOOK_SECRET);
+  const digest = Buffer.from('sha256=' + hmac.update(rawBody).digest('hex'), 'utf8');
+  const checksum = Buffer.from(signature, 'utf8');
+
+  // Constant-time comparison
+  return checksum.length === digest.length && crypto.timingSafeEqual(digest, checksum);
+  }
+
+  /**
+  * Handle a GitHub Marketplace webhook event.
+  *
+  * Supported actions:
+  *   purchased — provision API key for the new customer
+  *   changed — plan update (upgrade/downgrade)
+  *   cancelled — disable all keys for that customer
+  *
+  * @param {object} event - Parsed GitHub Marketplace event object
+  * @returns {{ handled: boolean, action?: string, result?: object }}
+  */
+  function handleGithubWebhook(event) {
+  const { action, marketplace_purchase } = event;
+  if (!action || !marketplace_purchase) {
+  return { handled: false, reason: 'missing_payload_data' };
+  }
+
+  const account = marketplace_purchase.account;
+  if (!account || !account.id) {
+  return { handled: false, reason: 'missing_account_id' };
+  }
+
+  // Map GitHub account to customerId: github_<user|organization>_<id>
+  const customerId = `github_${account.type.toLowerCase()}_${account.id}`;
 
-module.exports = {
+  switch (action) {
+  case 'purchased': {
+    const result = provisionApiKey(customerId);
+    return {
+      handled: true,
+      action: 'provisioned_api_key',
+      result,
+    };
+  }
+
+  case 'cancelled': {
+    const result = disableCustomerKeys(customerId);
+    return {
+      handled: true,
+      action: 'disabled_customer_keys',
+      result,
+    };
+  }
+
+  case 'changed': {
+    // In this simple model, we just ensure a key exists and is active.
+    // Upgrades/downgrades don't change basic API access unless we had tiered features.
+    const result = provisionApiKey(customerId);
+    return {
+      handled: true,
+      action: 'plan_changed',
+      result,
+    };
+  }
+
+  default:
+    return { handled: false, reason: `unhandled_action:${action}` };
+  }
+  }
+
+  // ---------------------------------------------------------------------------
+  // Module exports
+  // ---------------------------------------------------------------------------
+
+  module.exports = {
   createCheckoutSession,
   provisionApiKey,
   validateApiKey,
@@ -464,8 +551,11 @@ module.exports = {
   disableCustomerKeys,
   handleWebhook,
   verifyWebhookSignature,
+  verifyGithubWebhookSignature,
+  handleGithubWebhook,
   loadKeyStore,
   // Expose for testing
   _API_KEYS_PATH: API_KEYS_PATH,
   _LOCAL_MODE: () => LOCAL_MODE,
-};
+  };
+

package/scripts/deploy-gcp.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+# GSD: Deploy RLHF Control Plane to Google Cloud Run
+
+PROJECT_ID=$(gcloud config get-value project)
+SERVICE_NAME="rlhf-control-plane"
+REGION="us-central1"
+
+echo "🚀 Deploying Agentic Control Plane to $REGION..."
+
+gcloud builds submit --tag gcr.io/$PROJECT_ID/$SERVICE_NAME
+gcloud run deploy $SERVICE_NAME \
+  --image gcr.io/$PROJECT_ID/$SERVICE_NAME \
+  --platform managed \
+  --region $REGION \
+  --allow-unauthenticated \
+  --set-env-vars RLHF_ALLOW_INSECURE=true
+
+echo "✅ Success! Your Control Plane is live."
+gcloud run services describe $SERVICE_NAME --region $REGION --format='value(status.url)'

package/scripts/feedback-loop.js

@@ -29,14 +29,43 @@ const DOMAIN_CATEGORIES = [
   'git-workflow', 'documentation', 'debugging', 'architecture', 'data-modeling',
 ];
 
+const HOME = process.env.HOME || process.env.USERPROFILE || '';
+
 function getFeedbackPaths() {
-  const feedbackDir = process.env.RLHF_FEEDBACK_DIR || DEFAULT_FEEDBACK_DIR;
+  if (process.env.RLHF_FEEDBACK_DIR) {
+    const d = process.env.RLHF_FEEDBACK_DIR;
+    return {
+      FEEDBACK_DIR: d,
+      FEEDBACK_LOG_PATH: path.join(d, 'feedback-log.jsonl'),
+      MEMORY_LOG_PATH: path.join(d, 'memory-log.jsonl'),
+      SUMMARY_PATH: path.join(d, 'feedback-summary.json'),
+      PREVENTION_RULES_PATH: path.join(d, 'prevention-rules.md'),
+    };
+  }
+
+  // Auto-discovery order:
+  // 1. .rlhf/ (Standard)
+  // 2. .claude/memory/feedback/ (Legacy Claude)
+  // 3. ~/.rlhf/projects/<cwd-basename>/ (Global fallback for true plug-and-play)
+
+  const localRlhf = path.join(process.cwd(), '.rlhf');
+  const localClaude = path.join(process.cwd(), '.claude', 'memory', 'feedback');
+  
+  let baseDir = localRlhf;
+  if (!fs.existsSync(localRlhf) && fs.existsSync(localClaude)) {
+    baseDir = localClaude;
+  } else if (!fs.existsSync(localRlhf)) {
+    // Zero-Config Global Fallback
+    const projectName = path.basename(process.cwd()) || 'default';
+    baseDir = path.join(HOME, '.rlhf', 'projects', projectName);
+  }
+
   return {
-    FEEDBACK_DIR: feedbackDir,
-    FEEDBACK_LOG_PATH: path.join(feedbackDir, 'feedback-log.jsonl'),
-    MEMORY_LOG_PATH: path.join(feedbackDir, 'memory-log.jsonl'),
-    SUMMARY_PATH: path.join(feedbackDir, 'feedback-summary.json'),
-    PREVENTION_RULES_PATH: path.join(feedbackDir, 'prevention-rules.md'),
+    FEEDBACK_DIR: baseDir,
+    FEEDBACK_LOG_PATH: path.join(baseDir, 'feedback-log.jsonl'),
+    MEMORY_LOG_PATH: path.join(baseDir, 'memory-log.jsonl'),
+    SUMMARY_PATH: path.join(baseDir, 'feedback-summary.json'),
+    PREVENTION_RULES_PATH: path.join(baseDir, 'prevention-rules.md'),
   };
 }
 

package/scripts/prove-adapters.js

@@ -323,8 +323,10 @@ async function runProof(options = {}) {
   } catch (err) {
     addResult('fatal', false, { error: err.message });
   } finally {
-    await new Promise((resolve) => server.close(resolve));
-    fs.rmSync(tmpFeedbackDir, { recursive: true, force: true });
+    if (server) await new Promise((resolve) => server.close(resolve));
+    try {
+      fs.rmSync(tmpFeedbackDir, { recursive: true, force: true });
+    } catch (e) {}
   }
 
   if (writeArtifacts) {

package/scripts/prove-lancedb.js

@@ -140,8 +140,8 @@ async function runProof() {
   let vec03Status = 'fail';
   let vec03Evidence = '';
   try {
-    const arrowSpec = PKG.dependencies['apache-arrow'] || '';
-    const lanceSpec = PKG.dependencies['@lancedb/lancedb'] || '';
+    const arrowSpec = PKG.dependencies['apache-arrow'] || PKG.optionalDependencies['apache-arrow'] || '';
+    const lanceSpec = PKG.dependencies['@lancedb/lancedb'] || PKG.optionalDependencies['@lancedb/lancedb'] || '';
 
     // Check if spec pins to <= 18.1.0 (either "18.1.0", "^18.1.0", or "~18.1.0")
     const arrowVersion = arrowSpec.replace(/[\^~>=<]*/g, '').split('.').map(Number);

package/src/api/server.js

@@ -37,6 +37,8 @@ const {
   recordUsage,
   handleWebhook,
   verifyWebhookSignature,
+  verifyGithubWebhookSignature,
+  handleGithubWebhook,
   loadKeyStore,
 } = require('../../scripts/billing');
 
@@ -195,6 +197,30 @@ function createApiServer() {
       return;
     }
 
+    if (req.method === 'GET' && pathname === '/.well-known/mcp/server-card.json') {
+      sendJson(res, 200, {
+        name: 'rlhf-feedback-loop',
+        description: 'RLHF feedback loop for AI agents. Capture feedback, block mistakes, export DPO data.',
+        version: pkg.version,
+        tools: [
+          { name: 'recall', description: 'Recall relevant past feedback for current task' },
+          { name: 'capture_feedback', description: 'Capture thumbs up/down feedback' },
+          { name: 'feedback_stats', description: 'Feedback analytics' },
+          { name: 'feedback_summary', description: 'Human-readable feedback summary' },
+          { name: 'prevention_rules', description: 'Generate prevention rules from failures' },
+          { name: 'export_dpo_pairs', description: 'Export DPO training pairs' },
+          { name: 'construct_context_pack', description: 'Build bounded context pack' },
+          { name: 'evaluate_context_pack', description: 'Record context pack outcome' },
+          { name: 'context_provenance', description: 'Audit trail of context decisions' },
+          { name: 'list_intents', description: 'Available action plans' },
+          { name: 'plan_intent', description: 'Generate execution plan' },
+        ],
+        repository: 'https://github.com/IgorGanapolsky/rlhf-feedback-loop',
+        homepage: 'https://rlhf-feedback-loop-710216278770.us-central1.run.app',
+      });
+      return;
+    }
+
     if (req.method === 'GET' && pathname === '/health') {
       sendJson(res, 200, {
         status: 'ok',
@@ -240,6 +266,42 @@ function createApiServer() {
       return;
     }
 
+    // GitHub Marketplace webhook
+    if (req.method === 'POST' && pathname === '/v1/billing/github-webhook') {
+      try {
+        const rawBody = await new Promise((resolve, reject) => {
+          const chunks = [];
+          req.on('data', (c) => chunks.push(c));
+          req.on('end', () => resolve(Buffer.concat(chunks)));
+          req.on('error', reject);
+        });
+
+        const sig = req.headers['x-hub-signature-256'] || '';
+        if (!verifyGithubWebhookSignature(rawBody, sig)) {
+          sendJson(res, 400, { error: 'Invalid webhook signature' });
+          return;
+        }
+
+        let event;
+        try {
+          event = JSON.parse(rawBody.toString('utf-8'));
+        } catch {
+          sendJson(res, 400, { error: 'Invalid JSON in webhook body' });
+          return;
+        }
+
+        const result = handleGithubWebhook(event);
+        sendJson(res, 200, result);
+      } catch (err) {
+        if (err.statusCode) {
+          sendJson(res, err.statusCode, { error: err.message });
+        } else {
+          sendJson(res, 500, { error: err.message || 'Internal Server Error' });
+        }
+      }
+      return;
+    }
+
     if (!isAuthorized(req, expectedApiKey)) {
       sendJson(res, 401, { error: 'Unauthorized' });
       return;